IETF Logo Mail Archive

Re: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05

David Farmer <farmer@umn.edu> Wed, 08 May 2019 21:55 UTC

Return-Path: <farmer@umn.edu>
X-Original-To: ipv6@ietfa.amsl.com
Delivered-To: ipv6@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFC0D1201A2 for <ipv6@ietfa.amsl.com>; Wed, 8 May 2019 14:55:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.299
X-Spam-Level:
X-Spam-Status: No, score=-4.299 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=umn.edu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nStf_FqwvpGa for <ipv6@ietfa.amsl.com>; Wed, 8 May 2019 14:55:28 -0700 (PDT)
Received: from mta-p7.oit.umn.edu (mta-p7.oit.umn.edu [134.84.196.207]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 92CE31200E0 for <ipv6@ietf.org>; Wed, 8 May 2019 14:55:28 -0700 (PDT)
Received: from localhost (unknown [127.0.0.1]) by mta-p7.oit.umn.edu (Postfix) with ESMTP id D37CA15E for <ipv6@ietf.org>; Wed, 8 May 2019 21:55:27 +0000 (UTC)
X-Virus-Scanned: amavisd-new at umn.edu
Received: from mta-p7.oit.umn.edu ([127.0.0.1]) by localhost (mta-p7.oit.umn.edu [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sp7iVngQuqK4 for <ipv6@ietf.org>; Wed, 8 May 2019 16:55:27 -0500 (CDT)
Received: from mail-wm1-f72.google.com (mail-wm1-f72.google.com [209.85.128.72]) (using TLSv1.2 with cipher AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by mta-p7.oit.umn.edu (Postfix) with ESMTPS id 728125F4 for <ipv6@ietf.org>; Wed, 8 May 2019 16:55:27 -0500 (CDT)
Received: by mail-wm1-f72.google.com with SMTP id u186so288471wmu.9 for <ipv6@ietf.org>; Wed, 08 May 2019 14:55:27 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=umn.edu; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=kZmtjTnKEpag3/wr+tFnnDaVQwJNhMZJ70wh1FtXlSM=; b=TknuKTUypHFH/JuUAZ2jONNV/OlKH/G8xyYIldH+k3bWakNxZ8UqlT8GLVCLQ99aPg jQt+UO3/BAk8b6vO0uuHI4NG0aNHSD/BSI49gmts1Cw2nLrZlICgcpyTjPP+ChzFJVdV IHXusEENNf5OYoodp7g/imWeguyxrxEFkIz5S+P9Q/IUdVIyeccixOb2wHkSaD5eAmus zKo53zEAvDMWGPreoEqhxBgx9ds1vyUM3P6adKeAVWJDBLt8fdPm9GGt08l371RMpSM7 XzGfsgTkBbNuuta+FRpxCLuCkI3+DuV/acch5ropHnXKGqT2HZYJJyekQWdJ7fvjxzBt 8LQw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=kZmtjTnKEpag3/wr+tFnnDaVQwJNhMZJ70wh1FtXlSM=; b=hlmD/cmwufcGAFJPD2TG0bM4Wo9uxdS2mFTmzXxQmszES2YKVcep+5UaTQNKuLjE9E AT5cmZewfThSGBor3hCaIcD6a7J894n+Sfp6fl7rkSUFsQG41oWqOgTfYHzxT0XNo/Ng hKHCBilOb3bRJfi7Aa2WCV4aOluiDXWMj4iB/XudLRYGRwxRrO05fCsffEo3NlaDisZ5 +y4obHXsvY4WE/rkvnI2yuESDyLKGL1cpwLThkUEr+dAT6v9AQ1jiiJncV1vpkymuGRO pCTFKvbqprZ1ZaQgmxV0h8hcILhSqUef+nqdPq1ypSww38qPlgUGBPSskzTef2zd9fcP NUhA==
X-Gm-Message-State: APjAAAX4wWcBAt3DSkRvNmpiRb8WKvKp+QERwzJ7zzZ2EP7Db+Y2JUUw qQQRsScbRSo0+FFC6N9zWQi0foSVyHmk5aGeG+hcehzJ86x3fKGOyniMDBEPiRvC2jx/RtOKNjY 7rXHVCLjAMjVZjWYUe/eft1jc
X-Received: by 2002:adf:df88:: with SMTP id z8mr124078wrl.209.1557352526014; Wed, 08 May 2019 14:55:26 -0700 (PDT)
X-Google-Smtp-Source: APXvYqxmV6eCEz3y1WM7NJ4fw5ejWAJ2vjokMNywKjXRxwH9RAKJrOLJmuEf7/FLRgKysPJDOv6epQH6l8MMrOlb7rY=
X-Received: by 2002:adf:df88:: with SMTP id z8mr124063wrl.209.1557352525556; Wed, 08 May 2019 14:55:25 -0700 (PDT)
MIME-Version: 1.0
References: <F8BFFCAD-E58E-4736-8A1C-56579B6F6032@employees.org> <a2465e81-a17f-ab48-efda-20fe12a70077@foobar.org> <30239E0C-C444-4A7E-8342-AEE47BF8A2BB@employees.org> <8b9fd743-bfcc-525c-98f6-154f3fa713cc@foobar.org> <CAO42Z2zEWvt9NyemMb8H0AEvPvmNSDGa4wcXiS6n5yRxNFCHQg@mail.gmail.com> <c7e18765-be04-6494-8193-984dbccb520b@foobar.org> <CANMZLAYh+V57yrWOzmUyjSMK0g95u1D5_GZmyZBMOMKAZnrnCg@mail.gmail.com> <3F474511-6FE3-4A0A-9B84-7C37F08FBB5D@steffann.nl> <E352C226-C708-4418-BCDE-10525CAB109A@jisc.ac.uk> <652fb10e-b8ce-0151-a9a0-62d2378caed2@gmail.com> <0079c716-d56c-7199-f493-f5e56e1307ae@foobar.org> <b33de303-eaca-f7f6-804e-2c9343eb92a1@gmail.com> <6C4ABEF1-2565-4BA9-9FC5-5B3C45A719AD@gmail.com> <c2222416-6491-1906-a403-d012777a4b38@gmail.com> <CABNhwV0-SdKZqQa4z9jhpc8h1Eq=8UxRhtvHt1==BYEMTVRjug@mail.gmail.com> <96790121-7D50-4C6F-924F-87065B989E44@gmail.com> <ccab3694-54f2-bdd1-f8ac-cb159dbc0a81@gont.com.ar>
In-Reply-To: <ccab3694-54f2-bdd1-f8ac-cb159dbc0a81@gont.com.ar>
From: David Farmer <farmer@umn.edu>
Date: Wed, 08 May 2019 16:55:08 -0500
Message-ID: <CAN-Dau0_w0n9C6grqi1bXAL-k239K7RMiQyhx5=c-Y_wqrV2OQ@mail.gmail.com>
Subject: Re: Confirmation to advance: draft-ietf-6man-ipv6only-flag-05
To: Fernando Gont <fernando@gont.com.ar>
Cc: Bob Hinden <bob.hinden@gmail.com>, Gyan Mishra <hayabusagsm@gmail.com>, IPv6 List <ipv6@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000138020058867649f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ipv6/1gPQp-WtLSo7X6zQV_lmYvv0ynQ>
X-BeenThere: ipv6@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "IPv6 Maintenance Working Group \(6man\)" <ipv6.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ipv6>, <mailto:ipv6-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ipv6/>
List-Post: <mailto:ipv6@ietf.org>
List-Help: <mailto:ipv6-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ipv6>, <mailto:ipv6-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 08 May 2019 21:55:31 -0000

On Wed, May 8, 2019 at 2:54 PM Fernando Gont <fernando@gont.com.ar> wrote:

> The question is probably why not use IPv4 to disable IPv4. Entangling
> one protocol with another generally leads to increased complexity, and
> interesting attack vectors.
>
> I wonder why, if the issue is really a layer 2- one (e.g., stations
> being awaken unnecessarily), the problem is not solved at layer 2- --
> e.g. filtering at layer to, based on the Ether Proto.
>
> Thoughts?
>

First, I don't think this flag is tangling the streams so to speak, IPv4
and IPv6 are tangled by the dual-stack model. I think of the flag as trying
to untangle IPv6 from IPv4 so we can run IPv6-Only on dual-stack hosts.

The primary signal for a dual-stack host to not configure an IPv4 address
should be the failure to receive an IPv4 address from a DHCPv4 Server
[RFC2131]. This flag should be a secondary signal for a dual-stack host to
not auto-configured an IPv4 Link-Local addresses [RFC3927] assuming an
address has not received via DHCPv4, to not perform any IPv4 service
discovery (such as mDNS [RFC6762]) using IPv4 Link-Local Addresses, and
further, to limit the number of attempts that are made to configure an IPv4
address via DHCPv4.

Otherwise, without this secondary signal, when a dual-stack host does not
receive an IPv4 address from a DHCPv4 Server it would
normally auto-configured an IPv4 Link-Local addresses, perform IPv4 service
discovery (such as mDNS [RFC6762]) using IPv4 Link-Local addresses, and
some dual-stack hosts are quite persistent in their attempt to configure an
IPv4 address. It is these sides effects of not receiving an IPv4 address
from a DHCPv4 Server that the flag needs to mitigate and that are necessary
to untangle IPv6 from IPv4 to run IPv6-Only on dual-stack hosts.

This secondary signal needs to be expressed with an IPv6 mechanism so that
it is compatible with Layer 2 filtering of IPv4 Ethertypes, however, use of
the flag doesn't require this filtering. If this signal is expressed in
IPv4 then it is impossible for the signal to be received in the presence of
Layer 2 filtering of IPv4 Ethertypes.

The following is the rewrite I propose for the logic in the Host Behavior
Considerations Section based on the above restatement of the purpose of the
flag.

---

A host that receives any RAs with the flag set to 1 SHOULD NOT
auto-configured an IPv4 Link-Local Addresses [RFC3927] when it fails to
receive an IPv4 address via DHCPv4 [RFC2131] and therefore SHOULD
NOT perform IPv4 service discovery (such as mDNS [RFC6762]) using IPv4
Link-Local addresses.

A host that receives only RAs with the flag set to 1 SHOULD make a limit
number of attempts to configure an IPv4 address via DHCPv4 and then make no
further attempts. OPTIONAL, such a host could make no attempt to configure
an IPv4 address at all.

As soon as a host receives any RAs with the flag set to 0 it SHOULD attempt
to configure an IPv4 address via DHCPv4 if it does not already have an IPv4
address configured, and MAY continue to periodically attempt to configure
an IPv4 address via DHCPv4 if it does not receive an IPv4 address from a
DHCPv4 Server as long as it is receiving any RAs with the flag set to 0.

A host that successfully configures an IPv4 address received via DHCPv4
SHOULD continue using it and attempt to renew it when necessary regardless
the status of the flag in the RAs it is receiving. Further, it MAY perform
IPv4 service discovery (such as mDNS [RFC6762]) using the configured IPv4
address.

Thanks.

-- 
===============================================
David Farmer               Email:farmer@umn.edu
Networking & Telecommunication Services
Office of Information Technology
University of Minnesota
2218 University Ave SE        Phone: 612-626-0815
Minneapolis, MN 55414-3029   Cell: 612-812-9952
===============================================

v2.23.0 | Report a Bug | By Email